AllenKavalamExternal-2771 asked CarlZhao-MSFT commented

Is it mandatory to register an app to use Graph API?

I have a Python script that produces a CSV file, and I want to upload it to OneDrive. When I searched, the very first step was to create an application in the Azure portal, but I can't create an application because I don't have access to that feature.
So this is my workaround
(I am not sure whether this is the intended way):
I went to Graph Explorer. When I ran the query, I got a client request ID and an access token. Using these, I will make a curl request like
curl.exe https://graph.microsoft.com/v1.0/me/drive/root:/folderA/file.csv:/content -H "Content-Type: text/plain" -H "Authorization: Bearer access-token-here" -X PUT -H "client-request-id: client-request-id-here" --data-binary "@path/to_file.csv"
I am sure that if it works with curl, I can make it work using some Python library.
There are two challenges:

  1. The access token will expire soon, so I want to implement a refresh token. The example provided in this doc does not suit my use case: https://docs.microsoft.com/en-us/graph/auth-v2-user

  2. Is putting the access token in the script a security issue? How can I overcome this?

Thank you




microsoft-graph-explorer

1 Answer

CarlZhao-MSFT answered CarlZhao-MSFT commented

First of all, I do not recommend that you directly copy the token from Graph Explorer. The token is obtained through your username/password when you log in to the Graph Explorer tool. It will expire after a period of time and cannot be refreshed yet; when the token expires, you can only log in to Graph Explorer again to get a new one.

And I think that putting the token directly in the script is inherently a certain security problem. So, from the perspective of security and versatility, I suggest you contact your administrator to create an application in the Azure portal, and then use auth code flow in the script to obtain the access token and refresh token.


Hi,

Thanks for the response.
Can we use the az CLI for such purposes? Will I be able to upload using the az rest option?
I have tried it, and it works for a basic command like az rest --method get --url https://graph.microsoft.com/v1.0/me/
But it does NOT work when I use a command, e.g. to check recent files in OneDrive:
az rest --method get --url https://graph.microsoft.com/v1.0/me/drive/recent
It shows this error:
Not Found({"error":{"code":"itemNotFound","message":"Item not found","innerError":{"date":"2021-09-13T09:40:22","request-id":"id hidden","client-request-id":"id hidden"}}})
As far as I checked, https://graph.microsoft.com/v1.0/me/ and https://graph.microsoft.com/v1.0/users are the only ones working.
I assume it is related to a scope issue. Is it possible to edit the scope without creating an application?

Thank You

0 Votes 0 ·
CarlZhao-MSFT AllenKavalamExternal-2771 ·

This error is somewhat misleading. In fact, your error is the lack of Files.Read permission, so you must ensure that your token has this permission. And according to my experience, if you don’t have an application, you will not be able to grant permissions and set the scope. Creating an application is the first step for you to solve the problem.

1 Vote 1 ·

If I use the access token from Graph Explorer as input to my script instead of hardcoding it, will it be safe?
In that case I can proceed this way instead of creating an application.

Thank you

0 Votes 0 ·
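
As an added illustration (not code from this thread or from Microsoft), the pieces of the auth code flow recommended in the answer can be built with the Python standard library alone, keeping every token out of the source file. The tenant and client IDs are placeholders, the environment variable names and redirect URI are hypothetical, and Files.ReadWrite with offline_access is an assumed scope set for uploading with a refresh token.

```python
import base64, hashlib, os, secrets
from urllib.parse import quote, urlencode
from urllib.request import Request

# Assumed names: the env variables and redirect URI are hypothetical, and the
# IDs are placeholders for values from an app registration made by an admin.
TENANT = os.environ.get("GRAPH_TENANT_ID", "TENANT-ID-PLACEHOLDER")
CLIENT_ID = os.environ.get("GRAPH_CLIENT_ID", "CLIENT-ID-PLACEHOLDER")
REDIRECT_URI = "http://localhost:8400"  # must match the registration
SCOPES = "Files.ReadWrite offline_access"  # offline_access yields a refresh token
AUTHORITY = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0"

def pkce_pair():
    """Return (verifier, S256 challenge); PKCE avoids a client secret in the script."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorize_url(challenge, state):
    """URL the user opens once in a browser to sign in and consent."""
    query = {"client_id": CLIENT_ID, "response_type": "code",
             "redirect_uri": REDIRECT_URI, "scope": SCOPES, "state": state,
             "code_challenge": challenge, "code_challenge_method": "S256"}
    return f"{AUTHORITY}/authorize?{urlencode(query)}"

def token_request(grant_type, **fields):
    """Token-endpoint POST. For "authorization_code" pass code, redirect_uri and
    code_verifier; for "refresh_token" pass the stored refresh_token."""
    form = {"client_id": CLIENT_ID, "grant_type": grant_type, "scope": SCOPES, **fields}
    return Request(f"{AUTHORITY}/token", data=urlencode(form).encode("ascii"),
                   method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

def upload_request(access_token, remote_path, data):
    """PUT to the OneDrive content endpoint used by the curl command in the question."""
    url = f"https://graph.microsoft.com/v1.0/me/drive/root:/{quote(remote_path)}:/content"
    return Request(url, data=data, method="PUT",
                   headers={"Authorization": f"Bearer {access_token}",
                            "Content-Type": "text/plain"})

if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    print("Sign in at:", authorize_url(challenge, secrets.token_urlsafe(16)))
    # Tokens come from the environment (or a secret store), never from the source file.
    stored = os.environ.get("GRAPH_REFRESH_TOKEN")
    if stored:
        req = token_request("refresh_token", refresh_token=stored)
        print("Refresh POST prepared for", req.full_url)  # send with urllib.request.urlopen
```

The functions only build the requests; each returned `Request` is sent with `urllib.request.urlopen`, and the JSON response of the token endpoint carries the new access token.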